Is anyone elses firewall blocking attacks from IP 31.184.92.59 when accessing the URL for this site? Three unsuccessful attempts have been made to install a Java Rhino script, a JRE trusted method chaining kit, and another malicious toolkit to my laptop only when this site's URL is accessed. The attacking IP is in St. Petersburg, Russia. Any issues with GT-Rider being hacked?
Yep, i had some of these warnings coming on the Windows PC as well....
www.tigersachsclub.com
" Where there is a Wheel there is a Way! "
I also have had a similar threat detected by my antivirus. Its happened over the last 2 or 3 days when I first open this site ??
Dang, I didn't get any warnings... does that mean my antivirus sucks?
The Large Print Giveth, and the Small Print Taketh Away
No, but it could mean that your definitions are not up to date. Most of these former Eastern bloc hacks work for global organized crime orgs looking to steal identities/credit card info etc. They are sneaky and try to exploit vulnerabilities in legit code that sites need to work properly. And do it as long as possible before the site is aware of it and take steps to block them. So it is important to update your firewall/AV definitions and do a full scan DAILY. I just set it to start up at 3:00 AM and when I wake up it is done and tells me if anything was found & repaired.Originally Posted by TonyBKK
Dang, I didn't get any warnings... does that mean my antivirus sucks?
To be sure you didn't get some nasty trojan or rootkit, run this http://www.microsoft.com/security/sc...s/default.aspx
Tony, are you accessing this site with a windows pc?in this case it could be as feejer said..... If you accessing with another OS such as Apple,Linux (android) you likely have nothing....viruses and attacks are mostly made for windows, being the most widely used OS. I have no warnings on my android device...
www.tigersachsclub.com
" Where there is a Wheel there is a Way! "
No, it means that russian crime syndicates are now reading your email :PDang, I didn't get any warnings... does that mean my antivirus sucks?
Considering that the forum software has just been upgraded by the guys in the USA who wrote the software & that only a few people are experiencing this hacking / virus alert I'd say the problem is on the individual computers concerned; otherwise everyone would have the same problem.
Davidfl
Keep The Power On
One member had their Kaspersky anti-virus software warning pop up on an outer (WordPress) page about importing bikes. On checking the page, it appeared likely that it was triggered by a link to an i-Frame page. Some AV programes see any attempt to open a page via an i-Frame as a potential threat - although in this case it was an old HTML page off the GT-Rider web site.
If anyone can send a screenshot of an Anti-Virus / Malware warning including the offending page, that would help.
All the vBulletin forum and Wordpress software has been upgraded, which over-writes all the program files. All the pages on the site are dynamic, database-driven pages, and embedding anything into a paricular page is not an easy thing to do.
Given all of the determined efforts made last year by a known group of miscreants, the VPS we use has pretty tight security applied, and the data-centre do monitor and identify malware threats on client sites.
Further, Google also employs sophisitcated malware checking, and highlights pages with detected threats. I've done a few searches lately and seen no warnings from Google HQ either...
My PC came with a local copied version of Microsoft - do you recommend to run this security scanner?
I do a complete system scan with the free Avira weekly - do you think that's good enough?
Here is what Google reports on GT-Rider regarding malware etc...
- http://www.google.com/safebrowsing/d...e=gt-rider.com
Safe Browsing
Diagnostic page for gt-rider.com
What is the current listing status for gt-rider.com?
This site is not currently listed as suspicious.What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-02-11, and suspicious content was never found on this site within the past 90 days.This site was hosted on 1 network(s) including AS20248 (TAKE2).Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, gt-rider.com did not appear to function as an intermediary for the infection of any sites.Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.URLVOID: http://www.urlvoid.com/ checking against all the main websites that monitor malware etc, GT-Rider.com is listed as "CLEAN"
Alternatively most people wouldnt have the skills or tools to tell..
If your behind a hardware router / firewall many would not know that this was being blocked.
Forgive me for being pedantic by pointing out a spelling mistake but "my behind" is nobody's business!
This is my pop-up from Avast.
ʎɐqǝ uo pɹɐoqʎǝʞ ɐ ʎnq ı ǝɯıʇ ʇsɐן ǝɥʇ sı sıɥʇ
I have included the screenshots/logs of the blocked attacks. It is VERY rare for me to get these notifications at all and I have never received any such on the GT-Rider website before a few days ago. However, these now ONLY happen when accessing the GT-Rider.com main URL but not every time either. As you will see, it just happened again today but now from a different IP (31.184.192.35 vs. 31.184.192.59).
This very well may be and I sincerely hope this is just a big false alarm. But I thought it prudent to ask if it was happening to others as it can become serious quickly. I have a close friend who had thousands of dollars drained from his bank account within a few days after his debit card info was stolen through a hacked Holiday Inn computer network in Osoyoos, Canada.
It took 4 months to investigate and he was lucky to have his money reimbursed by the bank since he reported it promptly. And yes, the criminals who did it were traced to Russia and Belarus but nothing could be done due to lack of jurisdiction. These crime rings are also active locally in installing card skimmers at gas stations and portable ATM's to steal CC #'s and PIN's. They just busted a bunch of them a few months back so "Russian crime syndicates" may seem funny, ridiculous, and far fetched until it happens to you.
Last edited by feejer; 13th February 2012 at 01:36 PM.
Just got the same warning from avast as above..
I can do a screencap but its the same as the image with simply Chrome.exe instead of opera..
i just got these 4 alerts
www.tigersachsclub.com
" Where there is a Wheel there is a Way! "
Its also just happened to me at an internet cafe in Umphang, the first time it has happened to me
Infection DetailsWarn your friends to avoid this website
URL: http://www.gt-rider.com/thailand-motorcy... Process: file://C:\Program Files\Google\Chrome\Ap... Infection: js:Redirector-NV [Trj] 
I've been getting the alerts regarding this site too recently.
Me too using Kaspersky.
By the way everyone running on Windows should consider paying for antivirus protection, kaspersky is not too expensive here and it is one of the best antivirus if not the best.
Next time I have the alert I will post the screenshot.
Posting Permissions
Reply With Quote
Bookmarks